Log doubt

Answered Question
Jul 30th, 2008

Hi...

I have an ASA 5540, and I'm testing the logging.

When I telnet (port 23) my internal interface, the log shows me that the connection was denied. All right.

But, when I telnet with another port, for example 5858, the log doesn't show me anything.

Why?

Is this a normal behavior?

Thanks

robertson.michael Sat, 08/02/2008 - 18:43

Hi,

I am assuming the syslog message that you're referring to is %ASA-3-710003. According to the ASA syslog documentation:

"This message is displayed when the security appliance denies an attempt to connect to the interface service."

So, I think that we will only see %ASA-3-710003 messages for attempted connections on ports that the firewall is running a particular service on (i.e. 21, 23, 80, 443). For other ports, such as 5858, you'll see %ASA-7-710005 messages instead.

Hope that helps.

-Mike

Tauer Drumond Mon, 08/04/2008 - 05:05

Hi, Robertson and Farrukh

When I telnet (port 23) I see 710003 denied access... OK.

But when I telnet with another port, I didn't see the 710005, like you said.

I'm logging at Debugging level at ASDM.

Farrukh Haroon Sun, 08/03/2008 - 18:45

At what level are you logging? (Check this with the show logging output.) It could be the other syslogs are at a higher level. The ASA generates a syslog for each permit/deny (at least on the first packet of each flow) even though this could be indicated through different syslog messages/levels.

Regards

Farrukh

Tauer Drumond Mon, 08/04/2008 - 05:26

Hi, Robertson and Farrukh

When I telnet (port 23) I see 710003 denied access... OK.

But when I telnet with another port, I didn't see the 710005, like you said.

I'm logging at Debugging level at ASDM.

robertson.michael Mon, 08/04/2008 - 09:47

Hi,

You should see 710005 if you are logging at the debugging level.

Could you post the output of 'show run | inc logging' from your ASA?

-Mike

Tauer Drumond Mon, 08/04/2008 - 09:53

Hi Mike...

see output:

logging enable

logging monitor informational

logging trap informational

logging asdm informational

logging host LAN 172.x.x.x

I think I figured out the error. Should the configuration be set to "debugging"?

Correct Answer
robertson.michael Mon, 08/04/2008 - 09:55

Yes you are absolutely correct. The 710005 messages will only be seen if you are logging at the "debugging" (7) level. Your ASDM logging is set to the "informational" (6) level. You'll need to issue the following command:

ASA(config)# logging asdm debugging

Give that a try and let me know if it works.

-Mike

Tauer Drumond Mon, 08/04/2008 - 10:32

Hi Mike...

Now it's working fine... I can see ASA denying my telnet connection at port 5858.

Thank you...
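
The level check that resolved this thread, as an added example that is not part of any post above: it parses `show run | inc logging` output and reports which logging destinations will display a given message ID. It assumes the digit in the ID (the 7 in %ASA-7-710005) is the message's severity and that a destination shows messages whose severity number is at or below its configured level; the function names are hypothetical.

```python
import re

# ASA severity keywords and their numeric levels (0 = most severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
DESTINATIONS = {"console", "monitor", "trap", "asdm", "buffered", "mail", "history"}

def parse_logging_config(text):
    """Return (enabled, {destination: level}); lines without a level are skipped."""
    enabled, dests = False, {}
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["logging", "enable"]:
            enabled = True
        elif len(words) >= 3 and words[0] == "logging" and words[1] in DESTINATIONS:
            level = words[2]
            if level.isdigit() and int(level) <= 7:
                dests[words[1]] = int(level)
            elif level in LEVELS:
                dests[words[1]] = LEVELS[level]
    return enabled, dests

def message_severity(msg_id):
    """Extract the severity digit from an ID such as %ASA-7-710005."""
    m = re.fullmatch(r"%ASA-([0-7])-(\d{6})", msg_id)
    if not m:
        raise ValueError(f"not an ASA syslog ID: {msg_id!r}")
    return int(m.group(1))

def visible_on(config_text, msg_id):
    """Destinations whose configured level is high enough to show msg_id."""
    enabled, dests = parse_logging_config(config_text)
    if not enabled:
        return []
    sev = message_severity(msg_id)
    return sorted(d for d, lvl in dests.items() if sev <= lvl)

# Logging lines as posted in the thread, before and after the fix.
BEFORE = """logging enable
logging monitor informational
logging trap informational
logging asdm informational
logging host LAN 172.x.x.x"""
AFTER = BEFORE.replace("logging asdm informational", "logging asdm debugging")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for msg in ("%ASA-3-710003", "%ASA-7-710005"):
            print(label, msg, visible_on(cfg, msg))
```

With the fix applied only to ASDM, the syslog host (`logging trap informational`) still does not receive 710005, so denied connections to non-service ports remain absent from the central log.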
